Updated: 2024-05-24 02:42:36.616087
Description:
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | python3 | 3.9.16 | 7.8 | HIGH | Released | CLSA-2024:1720547879 | 2024-07-09 14:24:56 | |
CentOS 7 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1720548714 | 2024-07-23 17:19:27 | |
CentOS 8.4 ELS | python2 | 2.7.18 | 7.8 | HIGH | Not Vulnerable | 2024-07-03 11:22:59 | ||
CentOS 8.4 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1720178532 | 2024-07-05 10:17:11 | |
CentOS 8.5 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1720548691 | 2024-07-09 14:24:56 | |
CentOS 8.5 ELS | python2 | 2.7.18 | 7.8 | HIGH | Not Vulnerable | 2024-07-03 11:22:59 | ||
CentOS Stream 8 ELS | python2 | 2.7.18 | 7.8 | HIGH | Not Vulnerable | 2024-07-17 05:37:35 | ||
CloudLinux 7 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1727288754 | 2024-10-07 10:50:29 | |
Ubuntu 16.04 ELS | python3.5 | 3.5.2 | 7.8 | HIGH | Not Vulnerable | 2024-07-29 11:26:49 | ||
Ubuntu 18.04 ELS | python3.6 | 3.6.9-1 | 7.8 | HIGH | Not Vulnerable | 2024-07-29 11:26:49 |